This page contains information about possible personal data included in the support (debug) bundle of One Identity Safeguard for Privileged Sessions.
What exactly is in the support/debug bundle?
First off, the contents of the debug bundle change from version to version.
As a high-level overview, the Administrator Guide (Section 2.9.5) is correct.
The bundle contains the following:
1) Operating system logs and kernel logs that usually don't contain any personal or sensitive information
2) System state information, including
3) Configuration excerpt, with all credentials cleared out; however, remote IP addresses (such as those of remote SMB and LDAP servers, etc.) are included. Connection settings are also included, which may contain source and target IP addresses.
4) Logs of all internal components, such as web server, indexer service, etc. Web server logs contain the IP addresses accessing the SCB web interface; other components should not interact with users directly.
5) Connection logs, to be detailed below.
It is important to note that most of the logs are rotated every 7 days. Exceptions are the web server (serving the SCB web UI and API) access and error logs and the upgrade logs.
What personal data COULD be in the debug bundle, depending on the configured verbosity level?
Apart from log levels 8-10, no log messages contain any credentials or keys.
When running at the standard log level (4), the connection log messages contain client and server IP addresses and port numbers, client usernames and possibly certificate DNs.
The username and client IP addresses are also present when running on log level 3; on log level 4, other details, such as user groups and client/server software identification strings, are present.
What are the best ways to completely anonymize all debug bundles prior to transferring them to your support engineers (are any scripts or procedures available)?
Unfortunately, there is no anonymizer script available, and completely anonymizing connection data would make the logs within the debug bundle almost useless. Pseudonymising the data would be better; however, it would take considerable effort to implement.
One Identity support is open to signing a legal agreement concerning the handling of personal data in the support bundle. Needless to say, all data within the debug bundle is already handled with the greatest care: it is stored and accessed securely and removed once it is no longer needed (i.e. when the support case is closed).
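To illustrate why pseudonymising keeps logs usable where anonymising does not, the following added example (not One Identity tooling, and not code from this page) replaces IPv4 addresses and usernames with keyed HMAC tokens, so the same client maps to the same token on every line and events can still be correlated. The log line layout and the `user='...'` field are constructed assumptions, since the real log format is not shown here; other fields the page mentions, such as certificate DNs and user groups, are not covered.

```python
import hashlib
import hmac
import ipaddress
import re

# Constructed sample lines; the real SPS log format is not shown on this page.
SAMPLE_LOG = """\
2024-01-10T09:00:01 ssh: connection accepted; client=192.0.2.15:50122 server=198.51.100.7:22 user='alice'
2024-01-10T09:00:09 ssh: channel opened; client=192.0.2.15:50122 user='alice'
2024-01-10T09:03:44 rdp: connection accepted; client=192.0.2.99:61001 server=198.51.100.7:3389 user='bob'
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
USER_RE = re.compile(r"(user=')([^']*)(')")  # assumed field name


def _token(key: bytes, kind: str, value: str) -> str:
    """Keyed, deterministic token: same input gives same token under one key."""
    digest = hmac.new(key, f"{kind}:{value}".encode(), hashlib.sha256).hexdigest()
    return f"{kind}-{digest[:12]}"


def pseudonymise(text: str, key: bytes) -> tuple[str, dict[str, str]]:
    """Replace IPv4 addresses and user fields; return new text and reverse map."""
    mapping: dict[str, str] = {}

    def swap(kind: str, value: str) -> str:
        tok = _token(key, kind, value)
        mapping[tok] = value  # stays with the data owner, not in the bundle
        return tok

    def ip_sub(m: re.Match) -> str:
        try:
            ipaddress.IPv4Address(m.group(0))
        except ValueError:
            return m.group(0)  # dotted number that is not an address, e.g. 999.1.1.1
        return swap("ip", m.group(0))

    text = IPV4_RE.sub(ip_sub, text)
    text = USER_RE.sub(
        lambda m: m.group(1) + swap("user", m.group(2)) + m.group(3), text
    )
    return text, mapping
```

The key and the returned mapping stay with the data owner, who can use the mapping to translate tokens back when support refers to one; using a fresh key per bundle prevents linking tokens across bundles.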